JavaScript support is required for our site to be fully operational in your browser.
Linux.Mirai.1514
Added to the Dr.Web virus database:
2018-07-03
Virus description added:
2018-07-02
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
d3i33o1qgesu3rmqkminf6w4q2e4u8ui
Launches processes:
sh -c echo \"export http_proxy=http://proxy.yoyodyne.com:18023/\" >> ~/.bashrc
ps -ef
grep -E wget|curl|tftp|ftp
grep -v 22820
awk {print $2}
xargs kill -9
kill -9
sh -c ps -ef|grep -E \"wget|curl|tftp|ftp\"|grep -v $$|awk '{print $2}'|xargs kill -9
grep -v 22829
sh -c ./thqjnbrrr16w
./thqjnbrrr16w
grep -v 22842
sh -c crontab -r
crontab -r
Network activity:
Awaits incoming connections on ports:
Establishes connection:
8.#.8.8:53
37.###.195.248:21
94.###.48.154:45700
Attacks using a special dictionary (brute-force technique) via the SSH protocol
DNS ASK:
m.###nutman.ru
xm#.###l.minergate.com
Sends data to the following servers:
Receives data from the following servers:
Other:
Collects CPU information
Collects RAM information
Collects information about network activity
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK